Reported Vulnerabilities
The following is a list of vulnerabilities reported by me (Ebihara).
In 2006
- CSRF vulnerability in Filn (Apr)
In 2010
In 2011
- CSRF vulnerability in Openpear (IPA#38838163) (Feb)
- SQL Injection vulnerability in a SOHO site (IPA#99045153) (Jun)
- XSS vulnerability in ATND (Jul)
- Mixed content on SSL page in the website of Recruit, inc. (Jul)
- Two open-redirector vulnerabilities in a website of So-net Entertainment, inc. (Jul)
- Seven XSS vulnerabilities in a website of So-net Entertainment, inc. (Jul)
- Two CSRF vulnerabilities in a website of So-net Entertainment, inc. (Jul)
- Authentication bypass vulnerability in まちつく (due to misconfiguration) (Aug)
- XSS vulnerability in ECナビ (Sep)
- XSS vulnerability in ギフトランド (Sep)
- Bypass request header restriction of XMLHttpRequest (camouflage sensitive information) in PC site viewer browser in au by KDDI F001 (Nov) [co3k.org:19] [webappsec.org]
In 2012
- XSS vulnerability in WordPress cforms II Plugin (Feb) [co3k.org:26] [JVN#35256978] [Secunia] [BUGTRAQ]
- CSRF vulnerability in OpenPNE3 opCommunityTopicPlugin (Feb) [OpenPNE:OPSA-2012-001]
- XSS vulnerability in Redmine (Mar) [JVN#93406632] [Secunia:SA48362]
- XSS vulnerability in OSQA (Apr) [JVN#15503729]
- XSS vulnerability in Vector (IPA#42388023) (May)
- XSS vulnerability in yaplog! (IPA#64402871, IPA#93964380) (Oct)
In 2013
- XXE vulnerability in PHP OpenID Library (Aug) [JVN#24713981] [Secunia:SA5452]
- XXE vulnerability in OpenPNE 3 [OpenPNE:OPSA-2013-003] [Secunia:SA54690]
- XXE vulnerability in Apache Shindig [CVE-2013-4295]
- SQL Injection vulnerability in DMM.co.jp
In 2014
- XSS vulnerability in ATND (Dec)
- XSS vulnerability in RedCloth (Dec) [co3k.org:redcloth-unfixed-xss]
In 2017
- XSS vulnerability in Slack (Sep) [HackerOne:258198]
In 2018
- XSS vulnerability in Coincheck (Feb)
- XSS vulnerability in Kibela (Aug)